commit 87fa2ed12fa64d65f5baf3a660434c786c1da24e
parent 5d39969913d65da5c57edd7d5f77ff1576fd2bc4
Author: Florian Dold <florian@dold.me>
Date: Sun, 25 May 2025 22:58:43 +0200
gls int / gls role
Diffstat:
3 files changed, 64 insertions(+), 0 deletions(-)
diff --git a/inventories/default b/inventories/default
@@ -1,6 +1,7 @@
# Same host, but two mutually exclusive configurations
fdold-acai-tops ansible_port=22 ansible_user=root ansible_host=188.245.187.147
fdold-acai-gls ansible_port=22 ansible_user=root ansible_host=188.245.187.147
+fdold-guava-glsint ansible_port=22 ansible_user=root ansible_host=guava.box.fdold.eu
[testing]
rusty ansible_port=22 ansible_user=root ansible_host=rusty.taler-ops.ch
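Review bot: The added `fdold-guava-glsint` line sits directly under `# Same host, but two mutually exclusive configurations`, but it targets `guava.box.fdold.eu` rather than the 188.245.187.147 address the two acai entries share, so the comment now appears to cover a host it does not describe. Separate the new entry with a blank line and its own comment, e.g. `# GLS internal deployment on guava (separate host)`, so nobody assumes it is mutually exclusive with the acai configurations. Like its neighbours, the entry logs in with `ansible_user=root`; if the playbooks can run via `become` from an unprivileged account, that would limit what a leaked SSH key exposes, though this may be a deliberate repository-wide convention.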
diff --git a/inventories/host_vars/fdold-guava-glsint/prod-secrets.yml.gpg b/inventories/host_vars/fdold-guava-glsint/prod-secrets.yml.gpg
Binary files differ.
diff --git a/inventories/host_vars/fdold-guava-glsint/test-public.yml b/inventories/host_vars/fdold-guava-glsint/test-public.yml
@@ -0,0 +1,63 @@
+---
+# Pregenerated dhparam.pem is less secure
+# but significantly faster.
+USE_PREGENERATED_DHPARAM: true
+# No auditor (yet)
+deploy_auditor: false
+deploy_monitoring: false
+# We use EBICS to talk to the bank.
+use_ebics: false
+# Use externally created EBICS keys.
+ebics_keys_external: false
+# Main domain name.
+DOMAIN_NAME: "glsint.fdold.eu"
+# High-level kind of deployment.
+# Other customizations depend on this.
+# Can be "gls" or "tops" (later: "magnet")
+DEPLOYMENT_KIND: "gls"
+# Our internal hostname
+TARGET_HOST_NAME: "guava.box.fdold.eu"
+# Disable restore from backup? MUST be set to "false" once in production!
+# This forces a backup to be provided *if* there is no database on the
+# target system already. If such a database exists, we will NOT restore
+# any backup even if this is 'false'. If no database exists on the target
+# system and this option is 'false', then a backup must have been provided
+# at the originating host (you get get it using the 'restore.sh' script).
+DISABLE_RESTORE_BACKUP: true
+# Use nightly Taler distro (true/false).
+USE_NIGHTLY: false
+# Our currency.
+CURRENCY: EUR
+# Smallest unit of the currency for wire transfers.
+CURRENCY_ROUND_UNIT: "EUR:0.01"
+# Base URL of the exchange REST API
+EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
+# Exchange offline master public key.
+EXCHANGE_MASTER_PUB: GW875YV09RZ743X045DNSQC7SFNF0G66707H7PT3TP0RWPAPR340
+# URL with merchants accepting this exchange.
+EXCHANGE_SHOPPING_URL: "https://shops.taler.gls.de/"
+# Name of Terms of service resource file
+EXCHANGE_TERMS_ETAG: "exchange-gls-tos-test-v1"
+# Name of Privacy policy resource file
+EXCHANGE_PP_ETAG: "exchange-pp-v0"
+# Full BIC of exchange account
+EXCHANGE_BANK_ACCOUNT_BIC: "GENODEM1GLS"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_IBAN: "DE04601202004238636548"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=GLS+Taler+Internal"
+# Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
+LIBEUFIN_PORT: 8082
+# Name of the exchange account at libeufin-nexus
+LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
+# Which KYC/AML rules to set up.
+# Name of the bank dialect
+LIBEUFIN_NEXUS_BANK_DIALECT: "gls"
+# SPA dialect (tops, gls, magnet, ...)
+EXCHANGE_SPA_DIALECT: "gls"
+# Business name of the exchange operator
+EXCHANGE_OPERATOR_LEGAL_NAME: "GLS Taler Internal"
+# Where to send people after they passed KYC.
+KYC_THANK_YOU_URL: https://taler.gls.de/thank-you-kyc
+# Tool to use for sanction list checking
+EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
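Review bot: Three values in this file relax protections for testing (`USE_PREGENERATED_DHPARAM: true`, `DISABLE_RESTORE_BACKUP: true` and `EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy`), but only the restore flag warns that it must change before production. The same commit adds a `prod-secrets.yml.gpg` for this host, and the file names what looks like a real bank account, so the other two deserve the same warning. I would add `# TEST ONLY: shared DH parameters; generate fresh ones before production!` above the dhparam key and `# TEST ONLY: dummy sanction helper; MUST be replaced before production!` above the helper (judging by its name, it does no real screening). Several comments also contradict or miss their values: `# We use EBICS to talk to the bank.` sits above `use_ebics: false`, the IBAN key repeats the payto comment and should read `# IBAN of exchange account`, and `# Which KYC/AML rules to set up.` has no key after it. The restore comment also contains the typo "you get get it".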